Add 2 additional OIDs to the list of acceptable digestEncryptionAlgIDs,

per RFC 3370. r=thayes. Bug 230761.
author: nelsonb%netscape.com <devnull@localhost> 2004-01-14 22:20:44 +0000
committer: nelsonb%netscape.com <devnull@localhost> 2004-01-14 22:20:44 +0000
commit: 1f308d745f87b7f98f12fa6745633a6631534478 (patch)
tree: 5eb3f6b9a386fcac0cf9e2bf8c86b635ab1f11db
parent: c895ccc7a05550a33a0957e07f5cb8b5eeb71c7e (diff)
download: nss-hg-1f308d745f87b7f98f12fa6745633a6631534478.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c
index bcd6839d7..027593181 100644
--- a/security/nss/lib/smime/cmssiginfo.c
+++ b/security/nss/lib/smime/cmssiginfo.c
@@ -344,6 +344,7 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo,
     CERTCertificate *cert;
     NSSCMSVerificationStatus vs = NSSCMSVS_Unverified;
     PLArenaPool *poolp;
+    SECOidTag    tag;
 
     if (signerinfo == NULL)
 	return SECFailure;
@@ -370,10 +371,13 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo,
      * and we would Just Work.  So this check should just be removed,
      * but not until the VFY code is better at setting errors.
      */
-    switch (SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg))) {
+    tag = SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg));
+    switch (tag) {
     case SEC_OID_PKCS1_RSA_ENCRYPTION:
     case SEC_OID_ANSIX9_DSA_SIGNATURE:
     case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+    case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+    case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
 	/* ok */
 	break;
     case SEC_OID_UNKNOWN:
author	nelsonb%netscape.com <devnull@localhost>	2004-01-14 22:20:44 +0000
committer	nelsonb%netscape.com <devnull@localhost>	2004-01-14 22:20:44 +0000
commit	1f308d745f87b7f98f12fa6745633a6631534478 (patch)
tree	5eb3f6b9a386fcac0cf9e2bf8c86b635ab1f11db
parent	c895ccc7a05550a33a0957e07f5cb8b5eeb71c7e (diff)
download	nss-hg-1f308d745f87b7f98f12fa6745633a6631534478.tar.gz